Hardware and Software Acquisition Policy


  • The Department of Information Technology is responsible for acquiring and maintaining all software and hardware products, contracts, and services purchased with university funds. IT replaces hardware through a replacement cycle and maintains a software library that meets the needs of most users.
  • IT will neither install nor support hardware or software that has not been approved in advance of purchase. IT can help with determining if Milligan already owns hardware and software to meet your needs.


Computer hardware includes desktop computers, laptops, tablets, printers, cameras, etc. Offices that require hardware should contact IT to request quotes from vendors, complete the equipment purchase, and install and support hardware. In some cases, IT may have suitable refurbished hardware on hand that will meet the current need.


IT provides a standard computer software image for new computers. This image creates a consistent technology environment that is secure and compliant with licensing agreements. Some departments may require additional software. If so, the following process applies:
  • IT must be included in all software acquisitions, including cloud acquisitions, to ensure compliance with the campus infrastructure.
  • All software vendor software demonstrations should include IT.
  • IT will ensure that the software meets all operational requirements as well as the user needs. Additionally, the data hosting and storages services will be reviewed by IT.
  • IT will assess the level of internal support necessary and those services will either be provided by IT or will need to be purchased from the vendor.
  • All software quotes should be submitted by IT to the vendor so that the IT department can ensure the quotes are based on current system configurations, all discounts are included in the quote, appropriate licensing and support services are included, and educational and non-profit discounts are applied.

Vendor Compliance:

  • All vendors that provide cloud-based services must meet acceptable industry security standards. The determination for compliance is based on several factors.
    1. Vendors must provide their SOC 1 or SOC 2 reports, their SSAE-16 (formerly SAS-70) or comparable compliance documents, and audit reports as needed that illustrate the vendor has committed an appropriate level of resources to data protection and security.
    2. The software under review must provide a high quality service that improves our technology environment without jeopardizing network or server performance, data integrity or data security.
    3. All software that requires data exchange that may include FERPA or HIPAA protected information must comply with all state and federal requirements.